Merge pull request #22 from tryretool/mcramer_rds_fix

rds and rds security group moved to correct vpc

Author: prashantmital

modules/aws_ecs/main.tf

@@ -16,6 +16,11 @@ resource "aws_cloudwatch_log_group" "this" {
   retention_in_days = var.log_retention_in_days
 }
 
+resource "aws_db_subnet_group" "this" {
+  name = "${var.deployment_name}-retool"
+  subnet_ids = var.subnet_ids
+}
+
 resource "aws_db_instance" "this" {
   identifier                    = "${var.deployment_name}-rds-instance"
   allocated_storage            = 80
@@ -28,6 +33,7 @@ resource "aws_db_instance" "this" {
   port                         = 5432
   publicly_accessible          = var.rds_publicly_accessible
   vpc_security_group_ids       = [aws_security_group.rds.id]
+  db_subnet_group_name         = aws_db_subnet_group.this.id
   performance_insights_enabled = var.rds_performance_insights_enabled
 
   skip_final_snapshot          = true
@@ -415,4 +421,4 @@ module "temporal" {
   launch_type = var.launch_type
   container_sg_id = aws_security_group.containers.id
   aws_ecs_capacity_provider_name = var.launch_type == "EC2" ? aws_ecs_capacity_provider.this[0].name : null
-}
+}

modules/aws_ecs/security.tf

@@ -1,6 +1,7 @@
 resource "aws_security_group" "rds" {
   name        = "${var.deployment_name}-rds-security-group"
   description = "Retool database security group"
+  vpc_id      = var.vpc_id
 
   ingress {
     description = "Retool ECS Postgres Inbound"
@@ -105,4 +106,4 @@ resource "aws_vpc_security_group_ingress_rule" "containers_self_ingress" {
   description = "Allow self-ingress for inter-container communication"
   referenced_security_group_id = aws_security_group.containers.id
   ip_protocol = -1
-}
+}

modules/aws_ecs/variables.tf

@@ -113,7 +113,7 @@ variable "rds_instance_class" {
 
 variable "rds_publicly_accessible" {
   type        = bool
-  default     = true
+  default     = false
   description = "Whether the RDS instance should be publicly accessible. Defaults to false."
 }